TWiki>
CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialR4 (2005-04-27, MikePatterson)
EditAttach
CF Web>CscfSpecific>LisaNovember2004>LisaNov2004TutorialR4 (2005-04-27, MikePatterson) EditAttach Next-Generation Security Tools
Security policy includes what you are securing - include assumptions (like physical security: "we assume that the building is secured against unauthorized entry").
"Attack surface" - lots or little ports listening, what they do, etc
Some switches revert to hubs when they get overloaded - switched networks aren't safer. (But we knew that already, ettercap.)
NSA has OS security guidelines on their site.
Sample intrusion policy for us:
- PCs
- research group servers
- core servers
- sysadmin staff workstations
Hard disk encryption
- Pointsec (Win32)
- Mobile Armour (Win32, Linux, maybe Mac OS X)
- people had bad experiences with PGP Disk
- File Vault - ambivalent
- Built in Windows agent is ok, but uses escrow by default - and it's the local admin, unless you change it
Problems with passphrases: sometimes they get truncated "silently"
-- MikePatterson - 27 Apr 2005
Edit | Attach | Topic revision: r1 - 2005-04-27 - MikePatterson
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
- CF Web
- CF Web Home
- Changes
- Index
- Search
- Administration
- Communication
- Hardware
- HelpDeskGuide
- Infrastructure
- InternalProjects
- Linux
- MachineNotes
- Macintosh
- Management
- Networking
- Printing
- Research
- Security
- Software
- Solaris
- StaffStuff
- TaskGroups
- TermGoals
- Teaching
- UserSupport
- Vendors
- Windows
- XHier
- Other Webs
- My links
 |
|
Copyright © 2008-2025 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback